allow keytab specifiction to gsskrb5_register_acceptor_identity

Love Hornquist Astrand
2011-04-07 07:15:01 -07:00
parent 372db4d853
commit 3d36172090
3 changed files with 44 additions and 28 deletions


@@ -36,6 +36,24 @@
HEIMDAL_MUTEX gssapi_keytab_mutex = HEIMDAL_MUTEX_INITIALIZER; HEIMDAL_MUTEX gssapi_keytab_mutex = HEIMDAL_MUTEX_INITIALIZER;
krb5_keytab _gsskrb5_keytab; krb5_keytab _gsskrb5_keytab;
static krb5_error_code
validate_keytab(krb5_context context, const char *name, krb5_keytab *id)
{
krb5_error_code ret;
ret = krb5_kt_resolve(context, name, id);
if (ret)
return ret;
ret = krb5_kt_have_content(context, *id);
if (ret) {
krb5_kt_close(context, *id);
*id = NULL;
}
return ret;
}
OM_uint32 OM_uint32
_gsskrb5_register_acceptor_identity (const char *identity) _gsskrb5_register_acceptor_identity (const char *identity)
{ {
@@ -55,15 +73,23 @@ _gsskrb5_register_acceptor_identity (const char *identity)
if (identity == NULL) { if (identity == NULL) {
ret = krb5_kt_default(context, &_gsskrb5_keytab); ret = krb5_kt_default(context, &_gsskrb5_keytab);
} else { } else {
char *p = NULL; /*
* First check if we can the keytab as is and if it has content...
ret = asprintf(&p, "FILE:%s", identity); */
if(ret < 0 || p == NULL) { ret = validate_keytab(context, identity, &_gsskrb5_keytab);
HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex); /*
return GSS_S_FAILURE; * if it doesn't, lets prepend FILE: and try again
*/
if (ret) {
char *p = NULL;
ret = asprintf(&p, "FILE:%s", identity);
if(ret < 0 || p == NULL) {
HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex);
return GSS_S_FAILURE;
}
ret = validate_keytab(context, p, &_gsskrb5_keytab);
free(p);
} }
ret = krb5_kt_resolve(context, p, &_gsskrb5_keytab);
free(p);
} }
HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex); HEIMDAL_MUTEX_unlock(&gssapi_keytab_mutex);
if(ret) if(ret)
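Review bot: When both attempts in the `else` branch fail, the value left in `ret` (and the error text the krb5 calls recorded in `context`) comes from the `FILE:`-prefixed retry, so a caller that passed an explicit but unusable `TYPE:name` spec is told about a missing file named `FILE:TYPE:name` instead of the real reason the spec was rejected; keeping the first error around, `krb5_error_code first = ret;` before the retry and `if (ret) ret = first;` after it, would keep the diagnostic honest, though the message stored in `context` would still need the same treatment. The comment that opens the branch is also missing its verb and should read `* First check if we can open the keytab as is and if it has content...`. Note that validate_keytab leaves `*id` untouched when krb5_kt_resolve itself fails, so this branch depends on `_gsskrb5_keytab` already being NULL on entry; that reset is in the function prologue outside the hunk, so I cannot confirm it from here. The krb5_kt_have_content check also makes registration of an existing-but-empty keytab fail where it previously succeeded, which is worth a line in the function's documentation. The enclosing function continues past the end of the hunk.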


@@ -81,17 +81,18 @@ __gsskrb5_ccache_lifetime(OM_uint32 *minor_status,
static krb5_error_code static krb5_error_code
get_keytab(krb5_context context, krb5_keytab *keytab) get_keytab(krb5_context context, krb5_keytab *keytab)
{ {
char kt_name[256];
krb5_error_code kret; krb5_error_code kret;
HEIMDAL_MUTEX_lock(&gssapi_keytab_mutex); HEIMDAL_MUTEX_lock(&gssapi_keytab_mutex);
if (_gsskrb5_keytab != NULL) { if (_gsskrb5_keytab != NULL) {
kret = krb5_kt_get_name(context, char *name = NULL;
_gsskrb5_keytab,
kt_name, sizeof(kt_name)); kret = krb5_kt_get_full_name(context, _gsskrb5_keytab, &name);
if (kret == 0) if (kret == 0) {
kret = krb5_kt_resolve(context, kt_name, keytab); kret = krb5_kt_resolve(context, name, keytab);
krb5_xfree(name);
}
} else } else
kret = krb5_kt_default(context, keytab); kret = krb5_kt_default(context, keytab);
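Review bot: get_keytab carries no comment stating what it hands back, and the switch to krb5_kt_get_full_name followed by krb5_kt_resolve makes the contract worth writing down: the caller receives a freshly resolved handle to the registered acceptor keytab, located by its full `TYPE:name` so a non-FILE type now survives the round trip, or to the default keytab when nothing was registered. I would add above the definition a comment along the lines of `/* Open a fresh handle to the registered acceptor keytab (or the default keytab if none is registered); resolving by full TYPE:name preserves the registered type. Presumably the caller owns the handle and closes it. */`. Callers should also be told that on a krb5_kt_get_full_name failure `*keytab` is left untouched rather than set to NULL. The unlock that pairs with the HEIMDAL_MUTEX_lock on the first lines of the hunk follows the hunk and is not visible here.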


@@ -123,23 +123,11 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_add_cred (
} }
if (cred->keytab) { if (cred->keytab) {
char name[KRB5_KT_PREFIX_MAX_LEN + MAXPATHLEN]; char *name = NULL;
int len;
ret = GSS_S_FAILURE; ret = GSS_S_FAILURE;
kret = krb5_kt_get_type(context, cred->keytab, kret = krb5_kt_get_full_name(context, cred->keytab, &name);
name, KRB5_KT_PREFIX_MAX_LEN);
if (kret) {
*minor_status = kret;
goto failure;
}
len = strlen(name);
name[len++] = ':';
kret = krb5_kt_get_name(context, cred->keytab,
name + len,
sizeof(name) - len);
if (kret) { if (kret) {
*minor_status = kret; *minor_status = kret;
goto failure; goto failure;
@@ -147,6 +135,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_add_cred (
kret = krb5_kt_resolve(context, name, kret = krb5_kt_resolve(context, name,
&handle->keytab); &handle->keytab);
krb5_xfree(name);
if (kret){ if (kret){
*minor_status = kret; *minor_status = kret;
goto failure; goto failure;